On 14/09/10 at 18:56 +0200, Lucas Nussbaum wrote:
> Hi,
>
> While I support welcoming non-packaging contributors as project members,
> I am concerned that we are creating the concept of second-class DDs (or
> at least, that it will be communicated like that).
>
> I see two different ways to avoid that:
>
> [A] Avoid giving DDs without upload rights any special name or title
> (like "Debian Contributors"). Their official title should be "Debian
> Developers", and they should only be special-cased in the documents
> where the distinction between DDs with upload rights and DDs without
> upload rights is important.
So, this is achieved by Stefano's new proposal, which is great news.
> [B] Give everybody upload rights anyway. If we trust them to influence
> the project's decisions through voting, we should probably trust them to
> do the right thing and not upload packages when they don't feel
> qualified to. After all, I am a DD, I have the technical power to make
> changes to eglibc and upload it, but I should probably not do that. Why
> am I treated differently from DCs in that regard?
> Of course, we have a problem with security, and it's probably not very
> reasonable to have 1000 DDs able to upload every package, and connect to
> every project machine. So I think that we could use this GR to ask DSA,
> DAM and keyring-maint to investigate changes to the Debian
> infrastructure that would mitigate security issues in the case of a
> compromise of a DD's credentials. Examples, just to illustrate what I'm
> thinking about:
> - create a "limited upload rights mode", where DDs would only be allowed
> to upload their own packages. Action from the DD, like a login on
> db.debian.org, would be required to switch to "full upload rights
> mode", and that mode would auto-expire after a month without any
> upload.
> - do something similar for access to project machines.
I took some time to draft an amendment along those lines.
<-------------
The Debian project aims at producing the best free operating system.
To that end the project benefits from various types of contributions,
including but not limited to: package maintenance, translations,
infrastructure and website maintenance, porting, bug triaging and
fixing, management activities, communication, testing, legal advice,
quality assurance, etc.
The Debian project acknowledges that:
* To pursue Debian goals, package maintenance as well as a wide range of
other technical and non-technical contributions are all valuable.
* Active contributors of non-packaging work, which share Debian values
and are ready to uphold Debian Foundation Documents, deserve the
opportunity to become Debian Developers.
The Debian project therefore invites the Debian Account Managers to:
* Endorse the idea that contributors of non-packaging work might become
Debian Developers.
* Establish procedures to evaluate and accept contributors of
non-packaging work as Debian Developers.
Additionally, the Debian project acknowledges that the current practice of
providing all Debian Developers with access to project machines, and
unlimited upload permissions to the Debian archive, does not follow the
principle of least privilege, and unnecessarily exposes the Debian
infrastructure and the Debian archive.
Therefore, the Debian project invites the relevant teams to investigate
technical methods that would permit DDs to restrict their access to Debian
infrastructure, and their upload access to the Debian archive, when their work
does not require it. Those technical methods should only be aimed at reducing
Debian's attack surface, not at limiting DDs' access and upload permissions,
and DDs should be able to regain unlimited access when their work require it
without going through a review of their skills.
------------->
diff with zack's most recent proposal at the end of my mail.
Before pushing it forward as an amendment, I'd like to hear opinions about
this: we have had problems with GRs proposing orthogonal options in the past.
This amendment proposal discusses two things that are orthogonal (giving full
upload access to non-packaging contributors, and limiting every DDs' access on
a volunteer basis). Should the second part of the amendment (after
"Additionally, ..") be dropped for now? Or should we move forward as is?
- Lucas
--- debian-contributors.txt 2010-09-15 15:21:44.734619147 +0200
+++ debian-contributors-amendment.txt 2010-09-15 16:16:19.294612170 +0200
@@ -17,12 +17,21 @@
The Debian project therefore invites the Debian Account Managers to:
* Endorse the idea that contributors of non-packaging work might become
- Debian Developers, albeit without upload access to the Debian archive.
+ Debian Developers.
* Establish procedures to evaluate and accept contributors of
non-packaging work as Debian Developers.
-* Initiate the appropriate technical measures to enable contributors of
- non-packaging work, which get accepted as Debian Developers, to
- participate in Debian decision making and to access Debian
- infrastructure.
+Additionally, the Debian project acknowledges that the current practice of
+providing all Debian Developers with access to project machines, and
+unlimited upload permissions to the Debian archive, does not follow the
+principle of least privilege, and unnecessarily exposes the Debian
+infrastructure and the Debian archive.
+
+Therefore, the Debian project invites the relevant teams to investigate
+technical methods that would permit DDs to restrict their access to Debian
+infrastructure, and their upload access to the Debian archive, when their work
+does not require it. Those technical methods should only be aimed at reducing
+Debian's attack surface, not at limiting DDs' access and upload permissions,
+and DDs should be able to regain unlimited access when their work require it
+without going through a review of their skills.